1. Field of the Invention
The present invention relates to a system and method for providing security in a mobile Worldwide Interoperability for Microwave Access (WiMAX) network system.
2. Description of the Related Art
A mobile Worldwide Interoperability for Microwave Access (WiMAX) network system is usually constructed with at least one mobile station, a radio access station, an access control router, an Authentication, Authorization, and Accounting (AAA) server, and a licensed certification authority. A network between the radio access station and the access control router is an Access Service Network (ASN), and a network between the access control router and the Authentication, Authorization, and Accounting (AAA) server is a Connectivity Service Network (CSN).
The mobile station may be a portable subscriber station and provides mobile Internet service.
The radio access station (RAS) is located at an endpoint of a wireline network and communicates with the mobile station via a wireless interface.
The Access Control Router (ACR) controls the mobile station and the radio access station and routes Internet Protocol (IP) packets.
The licensed certification authority provides the same certificate to the radio access station, the access control router, and the Authentication, Authorization, and Accounting (AAA) server.
The Authentication, Authorization, and Accounting (AAA) server performs authentication, authorization and accounting for the user and the mobile station, such that the WiMAX Internet service is provided to the user only when the user is authenticated and authorized.
Security is the most critical issue in providing the WiMAX service, which is a mobile Internet service. An initial mobile station (MS) network entry procedure of a typical mobile WiMAX network system, as defined by the WiMAX Forum, will now be described.
First, the mobile station receives an Uplink-map (UL-MAP) message from the radio access station. The Uplink-map (UL-MAP) message includes a plurality of initial ranging codes. The mobile station selects one of the plurality of ranging codes and transmits the selected ranging code to the radio access station.
After performing such a ranging-code selection process, the radio access station and the mobile station perform a ranging process by exchanging a ranging request message (RNG-REQ) and a ranging response message (RNG-RSP) with each other. This process is described in greater detail in the Institute of Electrical and Electronics Engineers (IEEE) 802.16e, section 6.3.2.3.5.
Subsequent to the ranging process, the mobile station and the radio access station perform a Mobile station (MS) basic capability (BC) negotiation process. First, the mobile station transmits a Subscriber station Basic Capability (SBC) request message (SBC-REQ) to the radio access station. Upon receipt of the Subscriber station Basic Capability (SBC) request message, the radio access station transmits a NetEntry Mobile station (MS) State Change Request Message to the access control router to request an authorization policy.
The access control router transmits a NetEntry Mobile station (MS) State Change Response Message to the radio access station to deliver the authorization policy. A Subscriber station Basic Capability (SBC) response message (SBC-RSP) including the authorization policy received from the access control router is transmitted from the radio access station to the mobile station. Since the authorization policy includes an authentication method to be performed by the mobile station, the procedure corresponds to security negotiation. Subsequently, a Privacy Key Management (PKM) authentication procedure is performed.
The access control router transmits an Extensible Authentication Protocol (EAP) Request/Identity message to the radio access station using the authentication relay protocol (AuthRelay-EAP-Transfer). In response thereto, the radio access station transmits a Privacy Key Management (PKM) response message (PKM-RSP) to the mobile station to deliver the EAP Request/Identity.
The mobile station transmits its response to the EAP request to the access control router via the radio access station. Specifically, the mobile station responds to the radio access station with a Privacy Key Management (PKM) request message (PKM-REQ) carrying an EAP Response/Identity that contains the Network Access Identifier (NAI) of the user. The radio access station forwards the EAP response from the mobile station to the access control router by using the authentication relay protocol.
An Extensible Authentication Protocol (EAP) authentication procedure is then performed using the Network Access Identifier (NAI). When the authentication procedure is successful, authentication success is reported to the mobile station through a context-report message and a Privacy Key Management (PKM) response message (PKM-RSP).
The radio access station and the mobile station then perform the 3-way handshake defined in PKM version 2 (PKMv2), which is hereby incorporated by reference. The 3-way handshake consists of the exchange of a Security Association Traffic Encryption Key challenge (SA-TEK-Challenge) message, a Security Association Traffic Encryption Key request (SA-TEK-Request) message and a Security Association Traffic Encryption Key response (SA-TEK-Response) message, each of which carries a message authentication digest keyed from the authorization key established by the EAP authentication.
Following the 3-way handshake, the mobile station requests a Traffic Encryption Key (TEK) from the radio access station, and the radio access station sends the traffic encryption key to the mobile station. The Privacy Key Management (PKM) authentication procedure then ends.
When the Privacy Key Management (PKM) authentication procedure has ended, the mobile station and the radio access station perform secure data communication using the TEK.
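The following Python model of the initial network entry procedure described above is added here as a worked example; it is not code from the patent, from IEEE 802.16e or from the WiMAX Forum documents. All names in it (MS_MAC, BS_ID, prf, xor_stream, cmac_digest, AkContext, observable, initial_network_entry) are hypothetical. It assumes HMAC-SHA256 in place of Dot16KDF and of the CMAC digest, a constructed PMK in place of a real EAP method run, a toy keystream XOR in place of AES key wrap (KEK) and AES-CCM (TEK), and delivery of the AK to the radio access station inside the context report. It records every message crossing the air interface and the ASN hop so that the difference between the unprotected pre-authentication exchange and the digest-protected SA-TEK handshake can be checked directly.

```python
"""Model of the PKMv2 part of mobile WiMAX initial network entry (MS, RAS, ACR).

Added example, not code from the patent, IEEE 802.16e or the WiMAX NWG.
Assumptions: HMAC-SHA256 stands in for Dot16KDF and for the CMAC digest, a
constructed PMK replaces a real EAP method run, a keystream XOR replaces AES
key wrap (KEK) and AES-CCM (TEK), and the AK reaches the RAS in the context report.
"""
import hashlib
import hmac
import os

MS_MAC = bytes.fromhex("001122334455")  # constructed mobile station address
BS_ID = b"RAS-1"                         # constructed radio access station id


def prf(key: bytes, label: bytes, n: int = 32) -> bytes:
    """HMAC-SHA256 expansion used in place of Dot16KDF (assumption)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy keystream cipher standing in for AES key wrap / AES-CCM (assumption)."""
    return bytes(a ^ b for a, b in zip(data, prf(key, b"stream" + nonce, len(data))))


def cmac_digest(key: bytes, msg_type: str, fields: dict) -> bytes:
    """Stand-in for the PKMv2 CMAC digest over a PKM management message."""
    body = msg_type.encode() + b"|" + repr(sorted(fields.items())).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


class AkContext:
    """Keys the MS and the serving RAS derive from the AK after EAP success."""

    def __init__(self, ak: bytes):
        self.cmac_d = prf(ak, MS_MAC + BS_ID + b"CMAC_KEY_D")  # RAS -> MS digests
        self.cmac_u = prf(ak, MS_MAC + BS_ID + b"CMAC_KEY_U")  # MS -> RAS digests
        self.kek = prf(ak, MS_MAC + BS_ID + b"KEK")            # wraps the TEK


def observable(seen: list, link: str, field: str) -> list:
    """Values of `field` a passive observer on `link` reads without any key."""
    return [m["fields"][field] for lnk, m in seen if lnk == link and field in m["fields"]]


def initial_network_entry(pmk: bytes, nai: str, rogue_ras: bool = False) -> dict:
    seen = []  # every message crossing the air ("air") or ASN ("asn") link

    def send(link, msg_type, fields, dig=None):
        msg = {"type": msg_type, "fields": dict(fields), "digest": dig}
        seen.append((link, msg))
        return msg

    def fail(reason):
        return {"authenticated": False, "reason": reason, "seen": seen}

    # Ranging and SBC negotiation: no key exists yet, so nothing is protected.
    send("air", "RNG-REQ", {"ms_mac": MS_MAC.hex()})
    send("air", "SBC-REQ", {"auth_policy_support": "EAP"})
    send("asn", "NetEntry MS State Change Request", {"ms_mac": MS_MAC.hex()})
    policy = send("asn", "NetEntry MS State Change Response", {"auth_policy": "EAP"})
    send("air", "SBC-RSP", policy["fields"])

    # PKM/EAP relay: the user identity (NAI) crosses the ASN hop in the clear.
    send("asn", "AuthRelay-EAP-Transfer", {"eap": "Request/Identity"})
    send("air", "PKM-RSP", {"eap": "Request/Identity"})
    send("air", "PKM-REQ", {"eap": "Response/Identity", "nai": nai})
    send("asn", "AuthRelay-EAP-Transfer", {"eap": "Response/Identity", "nai": nai})

    # EAP success: MS and ACR share the PMK; the ACR derives the AK for this RAS.
    ak = prf(pmk, MS_MAC + BS_ID + b"AK")
    ms = AkContext(ak)
    ctx = send("asn", "Context-Report", {"ak": ak.hex()})
    # A rogue RAS impersonating BS_ID never received the AK context.
    ras = AkContext(os.urandom(32) if rogue_ras else bytes.fromhex(ctx["fields"]["ak"]))
    send("air", "PKM-RSP", {"eap": "Success"})

    # SA-TEK 3-way handshake: each message carries a digest keyed from the AK,
    # so a RAS without the AK cannot produce a challenge the MS accepts.
    f = {"bs_random": os.urandom(8).hex()}
    m = send("air", "SA-TEK-Challenge", f, cmac_digest(ras.cmac_d, "SA-TEK-Challenge", f))
    if not hmac.compare_digest(m["digest"], cmac_digest(ms.cmac_d, m["type"], f)):
        return fail("SA-TEK-Challenge digest invalid")
    f = {**f, "ms_random": os.urandom(8).hex(), "capabilities": "AES-CCM"}
    m = send("air", "SA-TEK-Request", f, cmac_digest(ms.cmac_u, "SA-TEK-Request", f))
    if not hmac.compare_digest(m["digest"], cmac_digest(ras.cmac_u, m["type"], f)):
        return fail("SA-TEK-Request digest invalid")
    f = {**f, "sa_id": 1}
    m = send("air", "SA-TEK-Response", f, cmac_digest(ras.cmac_d, "SA-TEK-Response", f))
    if not hmac.compare_digest(m["digest"], cmac_digest(ms.cmac_d, m["type"], f)):
        return fail("SA-TEK-Response digest invalid")

    # Key Request / Key Reply: the TEK travels wrapped under the KEK.
    tek, nonce = os.urandom(16), os.urandom(8)
    send("air", "Key-Request", {"sa_id": 1})
    reply = send("air", "Key-Reply", {"sa_id": 1, "nonce": nonce.hex(),
                                       "wrapped_tek": xor_stream(ras.kek, nonce, tek).hex()})
    tek_ms = xor_stream(ms.kek, nonce, bytes.fromhex(reply["fields"]["wrapped_tek"]))

    # Secure data communication under the TEK (toy cipher, see module docstring).
    frame = send("air", "DATA", {"ct": xor_stream(tek_ms, b"frame-0", b"hello").hex()})
    plain = xor_stream(tek, b"frame-0", bytes.fromhex(frame["fields"]["ct"]))
    return {"authenticated": True, "tek_match": tek_ms == tek, "plain": plain, "seen": seen}
```

Calling initial_network_entry(b"\x01" * 32, "user@example.net") completes the handshake with a matching TEK on both sides, while observable(result["seen"], "asn", "nai") shows the NAI readable by anyone on the ASN hop, since no key exists before EAP completes. With rogue_ras=True the run stops at the SA-TEK-Challenge: the air interface is protected from that point on, but only from that point on.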
The method for providing security between the mobile station and the radio access station in the mobile WiMAX network system has been described so far.
The method for providing security between the mobile station and the radio access station is standardized in IEEE 802.16e and provides a Privacy Key Management (PKM)-based security service. That is, the contemporary security schemes defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.16e standard document, “IEEE Standard for Local and metropolitan area networks Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems”, by the IEEE Computer Society and the IEEE Microwave Theory and Techniques Society, published on 28 Feb. 2006 and hereby incorporated by reference, and in the WiMAX Forum's Network Working Group (NWG) stage documents, “WiMAX End-to-End Network Systems Architecture, Stage 2: Architecture Tenets, Reference Model and Reference Points”, WiMAX Forum Proprietary, published on 8 Aug. 2006 and hereby incorporated by reference, and “WiMAX End-to-End Network Systems Architecture, Stage 3: Detailed Protocols and Procedures”, WiMAX Forum Proprietary, published on 8 Aug. 2006 and hereby incorporated by reference, recommend performing RSA-based authentication or Extensible Authentication Protocol (EAP) authentication under PKM version 2 (PKMv2) in the initial network entry process.
Accordingly, no separate security functionality is provided for the security contexts exchanged prior to successful authentication in the initial network entry process.
Wireless traffic encryption is provided for message exchange between the mobile station and the radio access station through Privacy Key Management (PKM) authentication and key exchange, but not for message exchange within the Access Service Network (ASN) or between the Access Service Network (ASN) and the Connectivity Service Network (CSN).
In particular, the security guideline for the network reference model proposed by the WiMAX Forum states that message exchange within the Access Service Network (ASN) is assumed to take place in a trusted domain, and that security functionality may be provided for message exchange between the Access Service Network (ASN) and the Connectivity Service Network (CSN), in particular for the exchange of authentication-related messages between the Access Service Network (ASN) and an Authentication, Authorization, and Accounting (AAA) server in the Connectivity Service Network (CSN), via an Internet Protocol Security (IPsec) tunnel.
In the contemporary mobile WiMAX network system, however, the WiMAX Forum does not apply a specific security scheme to the access network section consisting of the Access Service Network (ASN) and the Connectivity Service Network (CSN).
A contemporary Access Service Network (ASN) security technique is therefore vulnerable to rogue radio access station and traffic analysis attacks, because the inside of the Access Service Network (ASN) is merely assumed to be a secure domain for the exchange of Subscriber station Basic Capability (SBC) negotiation and authentication-related messages in the Access Service Network (ASN) section between the radio access station and the Access Service Network Gateway (ASN-GW).
Likewise, although the critical messages for user and terminal authentication with the Authentication, Authorization, and Accounting (AAA) server are exchanged in the network section between the Access Service Network (ASN) and the Connectivity Service Network (CSN), the Network Working Group (NWG) merely provides for the availability of an Authentication, Authorization, and Accounting (AAA) server capable of interworking with IPsec, and authentication and key-related information may be leaked to unauthorized third parties by a traffic analysis attack.